linux

Author SHA1 Message Date

Author	SHA1	Message	Date
Maximilian Luz	e94a26504f	platform/surface: aggregator_cdev: Add comments regarding unchecked allocation size CI static analysis complains about the allocation size in payload and response buffers being unchecked. In general, these allocations should be safe as the user-input is u16 and thus limited to U16_MAX, which is only slightly larger than the theoretical maximum imposed by the underlying SSH protocol. All bounds on these values required by the underlying protocol are enforced in ssam_request_sync() (or rather the functions called by it), thus bounds here are only relevant for allocation. Add comments explaining that this should be safe. Reported-by: Colin Ian King <colin.king@canonical.com> Fixes: `178f6ab77e` ("platform/surface: Add Surface Aggregator user-space interface") Addresses-Coverity: ("Untrusted allocation size") Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com> Link: https://lore.kernel.org/r/20210111154851.325404-3-luzmaximilian@gmail.com Signed-off-by: Hans de Goede <hdegoede@redhat.com>	2021-01-13 10:30:21 +01:00
Maximilian Luz	a403c1dfcf	platform/surface: aggregator_cdev: Fix access of uninitialized variables When copy_struct_from_user() in ssam_cdev_request() fails, we directly jump to the 'out' label. In this case, however 'spec' and 'rsp' are not initialized, but we still access fields of those variables. Fix this by initializing them at the time of their declaration. Reported-by: Colin Ian King <colin.king@canonical.com> Fixes: `178f6ab77e` ("platform/surface: Add Surface Aggregator user-space interface") Addresses-Coverity: ("Uninitialized pointer read") Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com> Link: https://lore.kernel.org/r/20210111154851.325404-2-luzmaximilian@gmail.com Signed-off-by: Hans de Goede <hdegoede@redhat.com>	2021-01-13 10:30:21 +01:00
Maximilian Luz	178f6ab77e	platform/surface: Add Surface Aggregator user-space interface Add a misc-device providing user-space access to the Surface Aggregator EC, mainly intended for debugging, testing, and reverse-engineering. This interface gives user-space applications the ability to send requests to the EC and receive the corresponding responses. The device-file is managed by a pseudo platform-device and corresponding driver to avoid dependence on the dedicated bus, allowing it to be loaded in a minimal configuration. A python library and scripts to access this device can be found at [1]. [1]: https://github.com/linux-surface/surface-aggregator-module/tree/master/scripts/ssam Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com> Link: https://lore.kernel.org/r/20201221183959.1186143-9-luzmaximilian@gmail.com Signed-off-by: Hans de Goede <hdegoede@redhat.com>	2021-01-07 00:06:39 +01:00

Maximilian Luz

e94a26504f

platform/surface: aggregator_cdev: Add comments regarding unchecked allocation size

CI static analysis complains about the allocation size in payload and
response buffers being unchecked. In general, these allocations should
be safe as the user-input is u16 and thus limited to U16_MAX, which is
only slightly larger than the theoretical maximum imposed by the
underlying SSH protocol.

All bounds on these values required by the underlying protocol are
enforced in ssam_request_sync() (or rather the functions called by it),
thus bounds here are only relevant for allocation.

Add comments explaining that this should be safe.

Reported-by: Colin Ian King <colin.king@canonical.com>
Fixes: 178f6ab77e ("platform/surface: Add Surface Aggregator user-space interface")
Addresses-Coverity: ("Untrusted allocation size")
Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
Link: https://lore.kernel.org/r/20210111154851.325404-3-luzmaximilian@gmail.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>

2021-01-13 10:30:21 +01:00

Maximilian Luz

a403c1dfcf

platform/surface: aggregator_cdev: Fix access of uninitialized variables

When copy_struct_from_user() in ssam_cdev_request() fails, we directly
jump to the 'out' label. In this case, however 'spec' and 'rsp' are not
initialized, but we still access fields of those variables. Fix this by
initializing them at the time of their declaration.

Reported-by: Colin Ian King <colin.king@canonical.com>
Fixes: 178f6ab77e ("platform/surface: Add Surface Aggregator user-space interface")
Addresses-Coverity: ("Uninitialized pointer read")
Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
Link: https://lore.kernel.org/r/20210111154851.325404-2-luzmaximilian@gmail.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>

2021-01-13 10:30:21 +01:00

Maximilian Luz

178f6ab77e

platform/surface: Add Surface Aggregator user-space interface

Add a misc-device providing user-space access to the Surface Aggregator
EC, mainly intended for debugging, testing, and reverse-engineering.
This interface gives user-space applications the ability to send
requests to the EC and receive the corresponding responses.

The device-file is managed by a pseudo platform-device and corresponding
driver to avoid dependence on the dedicated bus, allowing it to be
loaded in a minimal configuration.

A python library and scripts to access this device can be found at [1].

[1]: https://github.com/linux-surface/surface-aggregator-module/tree/master/scripts/ssam

Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
Link: https://lore.kernel.org/r/20201221183959.1186143-9-luzmaximilian@gmail.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>

2021-01-07 00:06:39 +01:00

3 Commits